and 3 others joined a min ago.
0
1.1kviews
0
110views
written 5.3 years ago by
teamques10
★ 68k
|
- Assess Existing State (create a baseline)
- Create a Risk Assessment Summary, and categorize systems as low, moderate, or high impact relative to security.
- Classify assets per FIPS 199 (Low, Moderate, High)
- Secure systems per the appropriate NIST standard by system type (email, DNS, Wireless, etc...)
- Review Internally, and Independently (annually) for compliance.
- Implement policies and procedures to reduce risk to an acceptable level.
- Periodically review and test procedures to ensure effectiveness.
- Designate a security information officer with primary duties as security.
- Implement a security awareness training program for staff and contractors.
ADD COMMENT
EDIT
Please log in to add an answer.